What's new

WordPress Security Tips

chris

Top Contributor
Hi Peter, as long as you keep site backups and make sure everything is updated you'll be reducing the security risks.
 

Data Glasses

Top Contributor
After being hacked last year i use two plugins

Wordpress Secure and Wordpress Firewall 2

I get regular notifications of hacking attempts ......so far so good
 

findtim

Top Contributor
Yes. Only issue i've found is they assume you have twentyten installed.

I got about 125 "File Missing" notifications, on a few sites.

can you expand on that comment of " they assume.... " as i never use that theme, i use studio press themes so does that mean it doesn't work as well OR..... i have to keep doing something every update?

in your experience with it.

tim
 

johno69

Top Contributor
It works fine. It scans for default core WP files and notifies you if they have been changed or are missing.

They seem to have included the twentyten theme as core WP files in the scan. (The scan assumes you have it installed)

So because I have deleted it totally, it alerts me that these files are missing.

You can simply tell Wordfence to ignore these missing files and it will be fine.

It's a must use plugin for me on every site.
 

findtim

Top Contributor
So because I have deleted it totally, it alerts me that these files are missing.


have you not found if you delete twentyten that when you update WP to new version wp reinstalls twentyten? so i have found its a waste of time deleting it!

tim
 

johno69

Top Contributor
have you not found if you delete twentyten that when you update WP to new version wp reinstalls twentyten? so i have found its a waste of time deleting it!

tim

This has never happened to me. I always delete themes i'm not using as a security measure. And none have ever magically re appeared.

You can always upload a theme via FTP and activate it via MYSQL if everything comes crashing down.
 

johno69

Top Contributor
Another tip, always update themes and plugins even if you are not using them. Even if they are deactivated.

Update update update.
 

findtim

Top Contributor
Another tip, always update themes and plugins even if you are not using them. Even if they are deactivated.

Update update update.

my tip NEVER update a theme or plugin on a clients site until you have done it on a test site.

i have a test site that i do the first update on so if it stuffs up then i can find the problem rather then get phone calls from clients

tim
 

johno69

Top Contributor
Yeah of course or backup.

Just making a point of deactivated stuff getting neglected. All too common.
 

DamianLondon

Top Contributor
Hi All

definately a lot to consider with security when it comes to WP. Most owners develop using WP to complete sites / blogs on the cheap, so security and backups sometimes are left last on the to do list.

After having multiple issues with one particular site I turned to Sucuri (http://www.sucuri.net/). Sucuri is a monitoring and malware removal service. You pay a yearly fee but if one of your sites gets hacked, they fix it for you.

Other monitoring software I use includes WSD Security, Spammer Blocker, Threat Scan, Firewall and UserLocker. UserLocker is a bit of a pain in the A** at times, but it automatically locks logins for Admin if someone is trying to use your Admin login.

D
 

johno69

Top Contributor
Hi All

definately a lot to consider with security when it comes to WP. Most owners develop using WP to complete sites / blogs on the cheap, so security and backups sometimes are left last on the to do list.

After having multiple issues with one particular site I turned to Sucuri (http://www.sucuri.net/). Sucuri is a monitoring and malware removal service. You pay a yearly fee but if one of your sites gets hacked, they fix it for you.

Other monitoring software I use includes WSD Security, Spammer Blocker, Threat Scan, Firewall and UserLocker. UserLocker is a bit of a pain in the A** at times, but it automatically locks logins for Admin if someone is trying to use your Admin login.

D

Wordfence does all this. And now free. I can't sing it's praises enough.
 

Data Glasses

Top Contributor
To the russian hacker who tried no less than 39 times to hack my sites yesterday

.......GET STUFFED

It seems wordpress firewall 2 and secure wordpress did their job

once more .......... GET STUFFED !
 

Community sponsors

Domain Parking Manager

AddMe Reputation Management

Digital Marketing Experts

Catch Expired Domains

Web Hosting

Members online

No members online now.

Forum statistics

Threads
11,098
Messages
92,044
Members
2,394
Latest member
Spacemo
Top